On Thu, 23 Dec 2010 21:12 GMT Peter Addy wrote:
>Hi,
>
>has anyone out there had any experience with setting up a VPN between a
>Checkpoint NGX R65 with a Microsoft ISA Firewall.
>
>We have configured our Checkpoint as usual but with tunnel management set as
>per
>host.
>
>Strange thing is we can do the key exchange, exchange hosts, and can even see
>the application being tested incoming, the packets comes into our firewall
>which
>is then decrypted, this then Nat's correctly and so forth to the destination
>server, so all looks fine
>
>I even do a tcpdump on the internal interface on our firewall and can see
>packets being exchange between the translation source IP and translated
>destination server, however the user does not get any response back.
>
>If all looks fine and address translation is happening and we do not see any
>errors in our logs, then does anyone please know what might be the problem?
>
>Has anyone out there had any experience with setting up a VPN between a
>Checkpoint NGX R65 with a Microsoft ISA Firewall?
>
>We have configured our Checkpoint as usual but with tunnel management set as
>per
>host for this one device
>
>The user below gets the messages in his ISA Firewall log
>
>Log type: Firewall service
>Status: A connection was closed because no SYN / ACK response is received from
>the server
>
>
>Log type: Firewall service
>Status: A connection attempt failed because the connected party did not
>properly
>respond after a certain period of time, or established connection failed
>because
>connected host has failed to respond
>Is there anything I have missed, why would the user not get a response back?
>Also if we do a tcpdump on the external interface of the firewall for the host
>address connecting, not the vpn gateway address, would we see this, or is this
>within the tunnel and the only thing we should see is ISAKAMP, reason I ask is
>that we do see on the external interface connections on say port 3389, surely
>this is not right
>Thanks
>
>
>
Scanned by Check Point Total Security Gateway.
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to lists...@amadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ow...@ts.checkpoint.com
=================================================
Scanned by Check Point Total Security Gateway.
